| Subject | Re: Secure FireBird 1.5.2 or IB 6 |
|---|---|
| Author | rekkod |
| Post date | 2005-04-15T07:28:28Z |
We control access to the database by changing the SYSDBA password,
but anybody can copy the db to another machine and access the meta
data with masterkey. If the database is encrypted with a key that is
known (and stored in the exe (for all users)) it will just make it a
little more difficult for the casual cracker to access the db... not
so?
An additional thought that I had, is that "if" the Server source can
be changed in such a way that the file-structure is modified so that
only the custom-compiled Server can read the db, then nobody can
access the db with tools like IBConsole. Clever hi! When the
developteam works with the db it will be in standard IB/FB format.
When it is deployed a tool will modify the db structure to the
propriatory format (and it can also convert it back). Only the custom
Server will be able to read the db then. Can this work to secure your
meta data and data? Will it be a lot of work? (If the FB dev team can
develop a generic way of allowing the developers to change the format
of the db so that only they and their custom-compiled FB Server will
know how to read it, then won't FB then be fairly secure).
--- In firebird-support@yahoogroups.com, "Ann W. Harrison"
<aharrison@i...> wrote:
but anybody can copy the db to another machine and access the meta
data with masterkey. If the database is encrypted with a key that is
known (and stored in the exe (for all users)) it will just make it a
little more difficult for the casual cracker to access the db... not
so?
An additional thought that I had, is that "if" the Server source can
be changed in such a way that the file-structure is modified so that
only the custom-compiled Server can read the db, then nobody can
access the db with tools like IBConsole. Clever hi! When the
developteam works with the db it will be in standard IB/FB format.
When it is deployed a tool will modify the db structure to the
propriatory format (and it can also convert it back). Only the custom
Server will be able to read the db then. Can this work to secure your
meta data and data? Will it be a lot of work? (If the FB dev team can
develop a generic way of allowing the developers to change the format
of the db so that only they and their custom-compiled FB Server will
know how to read it, then won't FB then be fairly secure).
--- In firebird-support@yahoogroups.com, "Ann W. Harrison"
<aharrison@i...> wrote:
> rekkod wrote:approach
> >
> > We want to secure our Meta Data and we decided that the best
> > will be to download the source and encrypt/decrypt the data inthe low-
> > level read/write routines.being
>
> How are you going to manage keys?
>
> > I was just wondering, does anybody know
> > about a verion of IB or FireBird 1.5.2 where this has already
> > done, so that we can just replace/specify the encryption key, andif
> > required maybe do our own re-compile of the source.person to
>
> There is conditional code for encryption, but the system was never
> completed and does not work generally. According to the last
> try, the Windows version is the closest to working, but any versionwill
> require a separate dll that performs the encryption. And, ofcourse,
> you've got the key problem.
>
> Regards,
>
>
> Ann